Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

0bae28922a...5b.exe

windows7-x64

10

0bae28922a...5b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0bae28922ad0fc2e5d92b6bf45fd23efb20c2639fafef7bcb0e12b642e2a9f5b.zip

  • Size

    205KB

  • Sample

    230311-s784zsac32

  • MD5

    fceb9b7f9843ae522ff8157146472a89

  • SHA1

    e5ba023a162bec11b43f45e18afe4cad312196d6

  • SHA256

    9f81b0dad3656a63aaeeba4b098390b50d7163f6c5ace889c4c25beae9946b93

  • SHA512

    6bccce2015576ec67624039158f10ab180d74a7ea3c2293f0a9020c1558295c41029480b61027fa3766c4e774589da5728089a517e92ed4f7df5f5b9cf8bf62c

  • SSDEEP

    3072:27S+SFqN5wafDfnCGyV8LSO8n9Z3LxEBzGELbabAGG9Zi9WRXbwHdPCI:27xAqXfCGy+GZ31+zGELbkG9JOPv

Score
10/10
gcleanerloader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

    • Target

      0bae28922ad0fc2e5d92b6bf45fd23efb20c2639fafef7bcb0e12b642e2a9f5b.exe

    • Size

      274KB

    • MD5

      fc9d6c44a166ea2f7f93de619b904481

    • SHA1

      e47a116cf55e7f3dbb141f0dc4b6c75875fec38a

    • SHA256

      0bae28922ad0fc2e5d92b6bf45fd23efb20c2639fafef7bcb0e12b642e2a9f5b

    • SHA512

      4a60cc0a48f6ec442e6244d9b1a488b6644e250f726631dab286470eee80ccc5f86296abcbacdda233d4f7dbc24973fd8e1476ad302dba21c2302bc9c8a72cf2

    • SSDEEP

      6144:QgnrhUFa2TGI5Z6p+F8duWDHoGjiXECnrSenXJ0v:Qgnr/2TGI5Z6pjEWSBneen5u

    Score
    10/10
    gcleanerloader

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

      loadergcleaner

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks